11-19-2013 06:52 AM - edited 03-10-2019 09:06 PM
Hi all,
I'm trying to understand the posibilities of the ISE. I would like to configure host authentication without the client having to enter credentials for a second time after logging on to his pc.
Is this possible with DOT1X?
As far as I understand you have to enter your credentials twice. 1 time for windows logon and a second time in the supplicant (eg. Cisco Anyconnect) which sends the EAPOL start frame to the authenticator (switch).
MAB could works without user interference, but is bypassable when you spoof a mac address.
Is there another possibility to set this up?
Maybe I'm asking obvious questions, but I'm a ISE newbie.
Thanks,
Joris
11-22-2013 02:10 PM
Both the Windows supplicant and the Cisco supplicant sends the credentials automatically so there is no need to type the password twice.
11-24-2013 02:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide